Mambo / Joomla! Multiple Components 'mosConfig_live_site' Parameter Remote File Include

A third-party component for Mambo or Joomla! is running on the remote host. At least one such component is affected by a remote file include vulnerability due to improper sanitization of user-supplied input to the 'mosConfiglivesite' parameter before using it to include PHP code. Provided the PHP...

CRS Manager ($DOCUMENT_ROOT) Multi Remote File Include

X---- w w w . u N k n 0 w n . e u ----X CRS Managercrsmanager Multi Remote File Include ::Home: http://crsmanager.berlios.de ::Vuln Type : Remote File Include RFI ::Discovered by : iNs ::Vuln Code: index.php login.php ?php require $DOCUMENTROOT."/../admin/settings/conf.php"; PoC:...

CARE2X php Integ Hospital Info System 2G Deployment 2.2 Multi Remote File Include

X---- w w w . u N k n 0 w n . e u ----X CARE2X php Integ Hospital Info System 2G Deployment 2.2 Multi Remote File Include ::Home: http://care2x.org/ http://sourceforge.net/projects/care2002/ ::Vuln Type : Remote File Include RFI ::Discovered by : iNs ::Vuln Code: /language/en/encopyrite.php ?php...

phpreality-rfi.txt

|-------------------------------------------------------------------------------| | | | phpRealty 0.02 MGR Remote File include | | | | Script : phpRealty | | Version : 0.02 | | Authord : QTRinux | | Contact : Qataro at hotmail dot com | | Vendor : http://phprealty.budissy.com/phprealty/v0.02/ | |...

Pulsewiki And Pawfaliki 0.5.1 - 'index.php' Local File Inclusion

source: https://www.securityfocus.com/bid/25575/info Pulsewiki and Pawfaliki are prone to a local file-include vulnerability because the software fails to sufficiently sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts...

Claroline 1.x - admincampusProblem.php?view Cross-Site Scripting

Claroline 1.x - admincampusProblem.php?view Cross-Site Scripting source: https://www.securityfocus.com/bid/25521/info Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities. An attacker could exploit these issues to execute local script code in...

Claroline 1.x - adminadminusers.php?dir Cross-Site Scripting

Claroline 1.x - adminadminusers.php?dir Cross-Site Scripting source: https://www.securityfocus.com/bid/25521/info Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities. An attacker could exploit these issues to execute local script code in the...

Claroline 1.x - '/admin/advancedUserSearch.php?action' Cross-Site Scripting

source: https://www.securityfocus.com/bid/25521/info Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities. An attacker could exploit these issues to execute local script code in the context of the application and access sensitive data, which m...

Claroline 1.x - '/admin/campusProblem.php?view' Cross-Site Scripting

source: https://www.securityfocus.com/bid/25521/info Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities. An attacker could exploit these issues to execute local script code in the context of the application and access sensitive data, which m...

Claroline 1.x - '/admin/adminusers.php?dir' Cross-Site Scripting

source: https://www.securityfocus.com/bid/25521/info Claroline is prone to a local file-include vulnerability and multiple cross-site scripting vulnerabilities. An attacker could exploit these issues to execute local script code in the context of the application and access sensitive data, which m...

someryc-rfi.txt

SomeryC = v0.2.4 Remote File Include Vendor: http://someryc.mostpopularcomic.com download http://someryc.mostpopularcomic.com/sC024.zip found by: Katatafish [email protected] d0rk: "powered by someryc" vuln-code/admin/system/include.php: if $start .... include"$skindir/header.php";...

SomeryC 0.2.4 - 'include.php?skindir' Remote File Inclusion

SomeryC = v0.2.4 Remote File Include Vendor: http://someryc.mostpopularcomic.com download http://someryc.mostpopularcomic.com/sC024.zip found by: Katatafish [email protected] d0rk: "powered by someryc" vuln-code/admin/system/include.php: if $start .... include"$skindir/header.php";...

CVE-2007-4536

TorrentTrader 1.07 and earlier sets insecure permissions for files in the root directory, which allows attackers to execute arbitrary PHP code by modifying 1 disclaimer.txt, 2 sponsors.txt, and 3 banners.txt, which are used in an include call. NOTE: there might be local attack vectors that extend...

Arcadem 2.01 - index.php Remote File Inclusion

Arcadem 2.01 - index.php Remote File Inclusion source: https://www.securityfocus.com/bid/25432/info Arcadem is prone to a remote file-include vulnerability because it fails to sufficiently sanitize user-supplied data. Exploiting this issue may allow an attacker to compromise the application and t...

Note:the IIS under another dangerous ISAPI extension-a vulnerability warning-the black bar safety net

We first look at a report on the SSI: SSI what is the use? The reason you want to pull to the ssi, because shtml--server-parsed HTML of the acronym. Contains embedded server-side include command in the HTML text. In is transmitted to the browser before the server will SHTML document is completely...

dalai-rfi.txt

============================================================================================== Dalai Forum Remote File Inclusion Exploit =============================================================================================== DORK : "Dalai Forum"...

mcLinksCounter 1.2 Remote File Include by iNs

App Name : mcLinksCounter 1.2 HomePage: http://www.phpforums.net Vuln type : Remote File Include RFI Vuln Discovered by : iNs BUG: on file stats.php ,login.php ,detail.php : include "$langfile"; PoC: http://www.site.com/path/stats.php?langfile=sH3lLz? iNs @ uNkn0wn.eu Gr33tz t0: uNkn0wn.eu - iD -...

Butterfly online vistors counter 1.08 RFI

App Name : Butterfly online vistors counter v.1.08 HomePage : http://www.phoenix.frihost.net/butterfly/readme.php Vuln type : Remote File Include RFI Vulnerability Discovered by : iNs Vuln Code: visitor.php includeonce $SERVER"DOCUMENTROOT" . "/butterfly/custom.php"; // include settings POC:...

My_REFERER v.1.08 Remote File Include

App Name : MyREFERER v.1.08 HomePage : http://www.phoenix.frihost.net/referer/readme.php Vuln type : Remote File Include RFI Vulnerability Discovered by : iNs Vuln Code: login.php include"$value"; POC: htttp://site.com/path/login.php?value=SHELL.txt?? iNs @ uNkn0wn.eu Gr33tz t0: uNkn0wn.eu - iD -...

Dalai Forum 1.1 - 'forumreply.php' Local File Inclusion

source: https://www.securityfocus.com/bid/25361/info Dalai Forum is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. Exploiting this issue may allow an unauthorized user to view files and execute local scripts...